Apologies for skipping a week. And this week isn’t going to be normal, either … it’s Steering Committee Update Week.
Steering Committee Summary
Steering Committee Elections will be in October. The project will be deciding on who’s eligible to vote as a “Member of Standing” this month; for main project code & docs contributors, that’s anyone who has 60 or more contributions showing in Devstats. There will be an exception process for other types of contributors to claim voting rights.
Having all SIGs adopt charters is being slow, with lots of discussion but few finalized. Accordingly, the SC is codifying having SIG liaisons partly to move this along. The SC also plans to allow non-SC members into meetings on an invitation basis, generally in response to a specific proposal to the SC.
The SC will host another “Meet Our Contributors Steering Committee Edition” on September 5th.
Community Meeting Summary
The community meeting this week had no demo, but instead packed in the densest set of updates we’ve seen on a Thursday morning yet. Buckle your seatbelts, Kubeistas!
Shyam Jeedigunta presented for SIG Scalability, including some new work for scale testing: a ClusterLoader rewrite in perf-test, and the perf-dash dashboard. For 1.12, kubelet will be watching for Secrets instead of polling, and they will be changing how heartbeat works, including the API, to reduce overhead. They’re also trying to reduce test flakes, help wanted.
SIG Architecture’s Brian Grant mentioned that their meeting time has changed to 11am Pacific Thursdays. They’re also changing how they track things, including API Reviews and KEP Tracking. Basically, if you need SIG-Arch attention, get on a tracking board and post to the mailing list (no GH notifications or Slack).
Sean Sullivan talked about work in SIG-CLI on kubectl, including work to move more of its logic server-side, and a plugin manager called KREW. They also launched kustomize, an on-the-fly Kube-YAML patcher. SIG-CLI’s charter is up for feedback.
SIG-AWS finally had an update, thanks to Nishi Davidson of AWS, who gave a tour of subprojects AWS-IAM-authenticator, renamed from Heptio-authenticator, allows users to log into kubectl using IAM. AWS-ALB-ingress-controller, contributed by CoreOS & Tickemaster, automatically creates ALBs from Ingress. Alpha project AWS-encryption-provider provides envelope encryption for Etcd, and AWS-CSI-driver-EBS, a Red Hat collab, provides a CSI driver for EBS, with which they hope to replace the existing driver in 1.13 or 1.14. In early development are Pod-identity-access (injecting IAM credentials into the pod), and Cloud-Provider-AWS (making AWS use the API). Kris Nova also reported on the Cluster API development.
Kubernetes Office Hours will be at 1300 and 2000 UTC this Wednesday.
The Github Management Team has been officially formed, which means that people with “owner” perms who are not on the team will find them gone. If you need GH changes, file an issue. Futher, Kubernetes SIG service accounts are going away. If you own some of these moribund mailing lists, please delete them.
Next Deadline: 1.12.0-beta0, August 14th
The 1.12 cycle is halfway through, which means development is 2/3 done; Code Freeze is in 22 days. The Release Team is validating a new build/push mechanism with a feature branch for 1.12, created for the beta. This branch will aregularly fast-forward from master.
The 1.11.2 update was released Wednesday, and 1.9.10 the prior week.
If DryRun requests are enabled, they will now go through the usual admission controller chain. This ensures that dry-run results are closer to reality but could catch some controllers unawares if they have external side effects and don’t check the request type. There was also a small follow-up PR to disable webhook controllers during dry-run.
We’ve had a few issues with mismatched versions of the
cfssl utilities in the past so to ensure everyone stays on the same cycle, we’ve vendored them. This should be entirely transparent unless you’ve made local modifications to one of the tools.
A potential small speed up for local development, if ignoring some paths you don’t have to generate the OpenAPI for then.
A (very) short PR but a good reminder to always attribute the Kubernetes logo when using it in other projects or presentations.
/watch API has been deprecated for a while now, we’ve never updated the documentation to reflect this fact. A good prompt to double check any third-party client libraries or scripts to ensure you’ve switched over to